Healthcare Industry: Time to reinforce privileged access control

Oct 24, 2018 | Healthcare, Authentication

IT security awareness has become a pressing need for the CIOs, CISOs and CTOs of global enterprises. After the BFSI, government, manufacturing, IT and pharmaceutical industries, the healthcare industry is now facing the wrath of cyber criminals. Of late, the healthcare sector has become a lucrative target for those who compromise privileged accounts to steal sensitive information. Here is telltale evidence of what this industry has faced over the last six months.

| When | Where | What / How |
|---|---|---|
| September 2018 | Blue Cross, Philadelphia, USA | An employee uploaded a file containing member information to a public website, exposing the data of more than 16,000 people |
| August 2018 | Augusta University, Georgia, Eurasia | The patient records of the Augusta University healthcare center were breached |
| July 2018 | SingHealth, Singapore | Singapore's government health records of 1.5 million people, including those of PM Mr. Lee Hsien Loong, were breached through the privileged credentials of a front-end workstation |
| July 2018 | LabCorp, Carolina, USA | The largest clinical laboratories of the US were forced to shut down their entire network after suspicious activity was detected |

Most of these security breaches happened because the user monitoring, authentication and access control mechanisms for privileged accounts were weak. Malicious insiders typically target privileged accounts to get hold of highly confidential information. In fact, the latest reports show that almost 60% of data breaches in the healthcare industry are due to malicious insiders. That is an alarming rise of more than 6% compared to 2017 (the figure might change after the last quarter of 2018). Most of the lost or stolen records were not recovered, and the organizations suffered huge financial and reputational losses. Across more than 470 breach incidents in the healthcare industry alone in 2017, almost 5.6 million patients’ records suffered privacy loss. Hence, it is imperative that organizations adopt stringent IT security policies for robust access control and access management. However, the above incidents show that loopholes remain in how patients’ records are kept safe, and compromised actors (insiders / third-party elements) have made the most of them.

As an obvious and important preventive measure, organizations need to keep mandatory and continuous vigilance over the employees accessing critical accounts. A robust Privileged Access Management (PAM) solution can help organizations mitigate data breach worries. Medical records are highly confidential: they contain not only patients’ personal details but also the details of the kin who are attending them. Thus, a single compromise could result in dire consequences.

How Privileged Access Management (PAM) can be a solution for protecting the healthcare industry’s critical information:

Access to target systems is allowed on a “need-to-know” and “need-to-do” basis